Filtering rest_authentication_errors to true to get jwt-auth work #6

Closed
yoren opened this issue Sep 30, 2015 · 11 comments
@yoren

yoren commented Sep 30, 2015

Hey, thanks for this great plugin. I'm having an issue that I need to add:

```php
add_filter( 'rest_authentication_errors', '__return_true' );
```

This forces WP API to skip the cookie authentication to get the JWT auth to work. Otherwise the response will always be something like 'rest_not_logged_in' (status 401).

Is it just me, or is this the right way to get this plugin to work?

P.S. I'm using the latest WP API v2 beta 4 and the develop branch; neither works without adding this filter.

@ekandreas

Great! I have the same trouble getting wp-api-jwt-auth to work. Will try this out.

@bobsilon

I also still have the same problem with WordPress 4.4 and WP API v2 beta 9.
Thanks @yoren for the solution.
👍

@conorw

conorw commented Jan 8, 2016

Hi,
I was just about to write that I had the same issue with the latest version of WordPress, i.e. I can create and validate tokens fine but every WP API call returns 'rest_not_logged_in'. BUT, in my case, the problem was that my WP instance was on the same domain as my 'normal' website and there were cookies left over from a previous 'normal' login to WordPress, which were being sent every time with the REST call.
Clearing out my cookies for this site worked for me, but now I am left with the issue of how to identify and clear the correct cookies every time for it to work. Can anyone think of a more elegant way to solve this?
Thanks,
Conor

@corky7

corky7 commented Mar 25, 2016

Same for me

@Tmeister
Owner

Hi,

Is this still an issue? Maybe this commit solves the problem: https://github.com/Tmeister/wp-api-jwt-auth/pull/20/files

@apieum
Contributor

apieum commented Nov 26, 2016

Hi, if it can help, I'm currently using your great plugin ;-) with React. I've tried to make requests with reqwest and jQuery and didn't have this issue.
I'm wondering if withCredentials wasn't the reason why the cookie was sent in Yoren's and others' cases. (?)

In my case it works with and without credentials, but with credentials true, it returns a cookie and not when it is set to false.

@neutronstein

@yoren where did you add this code to make it work? I am facing the same issue.

@yoren
Author

yoren commented Mar 3, 2017

@neutronstein I put it in my functions.php.

@neutronstein

@yoren I did so, but there is no auth required to access the REST API.
@ALL Is there a way to require authentication for every endpoint except jwt one?

@dpdxscot

dpdxscot commented May 2, 2017

I am having the same issue as @neutronstein. If I lock down the API with the following code I am not able to access any route under [wp-json].

```php
add_filter( 'rest_authentication_errors', function( $result ) {
    if ( ! empty( $result ) ) {
        return $result;
    }
    if ( ! is_user_logged_in() ) {
        return new WP_Error( 'rest_not_logged_in', 'You are not currently logged in.', array( 'status' => 401 ) );
    }
    return $result;
});
```

I want to be able to still access [/wp-json/jwt-auth/v1/token] from an external system call, passing the username/password in order to get a token to use in an Authorization header to call, say, [/wp-json/wp/v2/posts].

However, there seems to be a missing step somewhere.

Any ideas are greatly appreciated.

Thanks!

@dpdxscot

dpdxscot commented May 3, 2017

For those who find this post and need an answer to the above.

This will allow access to the JWT token URLs to get a token and validate it once the REST API is locked down for all calls. Tokens then allow authenticated access when put in the header for all subsequent API calls.

Authorization: Bearer [token]

```php
/* Require authentication for REST API usage */
add_filter('rest_authentication_errors', function ($result) {
    if (!empty($result)) {
        return $result;
    }
    if (!is_user_logged_in()
        && $_SERVER['REQUEST_URI'] !== "/wp-json/jwt-auth/v1/token"
        && $_SERVER['REQUEST_URI'] !== "/wp-json/jwt-auth/v1/token/validate") {
        return new WP_Error('rest_not_logged_in', 'You are not currently logged in.', array('status' => 401));
    }
    return $result;
});
```

Cheers!
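
A variant of the filter in the comment above, added here as an example (not code from this thread or from the plugin): it matches on the REST route WordPress resolved instead of the raw `REQUEST_URI`, so a query string, a trailing slash or a `?rest_route=` style URL does not change the decision, and only exact route matches are let through. The constant and function names are hypothetical, and it assumes the `rest_route` query var is populated when the filter runs.

```php
<?php
// Added example: not code from this thread or from the plugin.
// The two routes are the ones quoted in the comment above; names are hypothetical.
const JWT_PUBLIC_ROUTES = array(
    '/jwt-auth/v1/token',
    '/jwt-auth/v1/token/validate',
);

/**
 * Return true only when $route is exactly one of the public JWT routes.
 * $route is the REST route without the /wp-json prefix or query string.
 */
function jwt_is_public_route( $route ) {
    if ( ! is_string( $route ) ) {
        return false;
    }
    // Tolerate a trailing slash and nothing else: no prefix or substring matching,
    // so "/jwt-auth/v1/token/../../wp/v2/users" is not treated as public.
    return in_array( rtrim( $route, '/' ), JWT_PUBLIC_ROUTES, true );
}

if ( function_exists( 'add_filter' ) ) {
    // Inside WordPress: require a logged-in user everywhere else.
    add_filter( 'rest_authentication_errors', function ( $result ) {
        if ( ! empty( $result ) ) {
            return $result; // An earlier handler already passed or failed the request.
        }
        // Assumption: the rest_route query var holds the route being served.
        $route = isset( $GLOBALS['wp']->query_vars['rest_route'] )
            ? $GLOBALS['wp']->query_vars['rest_route']
            : '';
        if ( is_user_logged_in() || jwt_is_public_route( $route ) ) {
            return $result;
        }
        return new WP_Error( 'rest_not_logged_in', 'You are not currently logged in.', array( 'status' => 401 ) );
    } );
} else {
    // Outside WordPress (php file.php): constructed sample routes.
    $samples = array( '/jwt-auth/v1/token', '/jwt-auth/v1/token/validate/', '/wp/v2/posts', '/jwt-auth/v1/token/../../wp/v2/users', '/jwt-auth/v1/tokens' );
    foreach ( $samples as $sample ) {
        printf( "%-40s %s\n", $sample, jwt_is_public_route( $sample ) ? 'public' : 'auth required' );
    }
}
```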
